[
https://issues.apache.org/jira/browse/PDFBOX-6044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18009057#comment-18009057
]
Tilman Hausherr commented on PDFBOX-6044:
-----------------------------------------
Reading this file with PDFDebugger gets me an EOF. The segment from
PfbParser.java that you want to change isn't in the code. (Maybe it is in
another change?)
One could argue that the existing code isn't secure enough
{code:java}
int size = in.read();
size += in.read() << 8;
size += in.read() << 16;
size += in.read() << 24;
LOG.debug("record type: {}, segment size: {}", recordType, size);
byte[] ar = new byte[size];
{code}
that "size" should be checked against the length of the input.
> Potential OOM in PfbParser
> --------------------------
>
> Key: PDFBOX-6044
> URL: https://issues.apache.org/jira/browse/PDFBOX-6044
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 4.0.0
> Reporter: David Justamante
> Priority: Minor
> Labels: patch
> Attachments: example.pdf, patch.diff
>
>
> This issue is being *manually* filed by the competition organizers. We
> recognize there is a number of AI generated submissions as of late. We have
> gone through the manual process of bug/patch validation to prevent
> unnecessary "noise", respecting maintainers' time.
> This submission is being sent as part of DARPA's AIxCC competition.
> (https://aicyberchallenge.com) This issue was discovered and validated by
> competition engineers during challenge development. The patch was manually
> constructed by the competition engineers.
> Read length then allocate. Integer overflow can cause the existing length
> check to fail. We think this is an actual bug because there is an existing
> check.
> (AIxCC Internal: CHA-1727)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
